Over the past several years, Malaysian organisations have increasingly become the targets of vicious cyberattacks with notable data breaches and data leaks continuing to make national headlines.
A data breach is when an organisation’s sensitive, confidential, or protected data is taken from a system without verified authorisation and is then usually exposed or sold on the dark web. In the case of ransomware attacks, hackers will break in, steal, and encrypt data, denying the owner access to it until a ransom is paid. The data could also be used for extortion, with the cyber criminals threatening to expose the data if the ransom isn’t paid.
Last November, it was reported that personal data of five million passengers and employees of a low-cost airline was leaked, after being hacked by a cybercrime group known as Daixin Team. In another case, more than 800,000 users’ personal data was allegedly sourced from the nation’s Election Commission’s database and put on sale on a popular database marketplace. In another major incident this year, a leading online payment provider also experienced a cybersecurity breach that extracted Malaysians’ credit card details from online transactions.
Given the rise and scale of data breaches taking place, Malaysia’s new Communications and Digital Minister, Fahmi Fadzil, has urged businesses that collect and hold data to constantly monitor and improve aspects of cybersecurity by ensuring system infrastructure, databases and networks are updated and secured appropriately.
While prevention is the key when it comes to data protection, the prevalence of cybercrime indicates that it is not a case of if an organisation gets hit by a cyber-attack, but when.
With that in mind, here is a quick outline of the steps to take when a data breach occurs.
- Record what has happened
Start by documenting what you have found and the steps you took, so that this can be included as part of your risk assessment. This will be helpful when you need to report the incident to the authorities. Also, don’t try to remove forensic evidence, as this will be needed in the post-incident investigation and remediation.
- Contain the breach
Find out what has happened to the affected data. If you are able to recover the affected data quickly, move to secure your systems and patch vulnerabilities that may have caused the breach. This will help to prevent multiple breaches from occurring. If possible, mobilise your breach response team immediately to support you.
- Assess the risk and impact
As work progresses to contain the breach, assess what is at risk of further harm and who could be affected. Properly assessing the incident will allow an organisation to respond to public enquiries and determine the next steps. Factors such as the number of individuals impacted, the identity of the victims, and the type of personal data involved should be taken into consideration.
- Report the incident
Report the incident to the relevant stakeholders and supervisory authorities, as they can provide advice on the remedial steps. Also alert the impacted individuals so they can take precautionary steps to prevent further harm or risk to themselves.
As a communication tip, it is helpful to provide sufficient information so that the victims are able to understand the impact of the data breach, how their security may be compromised and what they need to look out for.
Based on the recent cyberattacks, organisations are reminded that security breaches have significant implications including disruptions to operations, costly remedial fees, hefty fines, and reputation loss. This is why it is critical for organisations to implement technical and organisational measures to build a strong cybersecurity defence to reduce the risk of potential data breaches.
With the demand for skilled cybersecurity resources at an (understandably) all-time high, many organisations are turning to cybersecurity as a service to help fill the security gap. Services such as Sophos Managed Detection and Response allow organisations to outsource their security needs to an expert team of threat hunters that can monitor their environment 24/7.
As Malaysia’s digital transformation continues to escalate, data and information are imperative to business operations and sustainability. Organisations have a duty of care to their customers to uphold the integrity and security of the data and information that they are entrusted with.
By Sandra Lee, Managing Director for Greater China, Southeast Asia & Korea, Sophos
10 January 2023